release: update 1.3.0 docs

CHANGELOG.md

@@ -1,12 +1,13 @@
 # CHANGELOG
 
-## 1.3.0 -- TBD
+## 1.3.0 -- 2020/7/31
 
 ### New Feature
-* Round-robbin IP allocation replaces small to big allocation
-* Support gateway QoS
-* Support session affinity service
-* Beta support for hardware offload
+* Hardware offload to boost performance in Bare-Metal environment
+* Assigning a specific pod as gateway
+* Central gateway QoS
+* Session affinity service
+* Round-robbin IP allocation to relieve IP conflict
 
 ### Security
 * Use gosec to audit code security
@@ -17,6 +18,7 @@
 * Missing package for arm images
 * Node annotation overwrite incorrectly
 * Create/Delete order might lead ip conflict
+* Add MSS rules to resolve MTU issues
 
 ### Monitoring
 * kubectl-ko support ovs-tracing
@@ -25,8 +27,10 @@
 ### Misc
 * Update OVN to 20.06
 * CRD version upgrade to v1
+* Optimize ARM build
 * Refactor ovs cmd with ovs.Exec
 * OVS-DPDK support config file
+* Add DPDK tools in OVS_DPDK image
 * Reduce image size of OVS-DPDK
 
 ## v1.2.1 -- 2020/06/22

README.md

@@ -22,13 +22,14 @@ The Kube-OVN community is waiting for you participation!
 - **Network Policy**: Implementing networking.k8s.io/NetworkPolicy API by high performance ovn ACL.
 - **Static IP Addresses for Workloads**: Allocate random or static IP addresses to workloads.
 - **IPAM for Multi NIC**: A cluster-wide IPAM for CNI plugins other than Kube-OVN, such as macvlan/vlan/host-device to take advantage of subnet and static ip allocation functions in Kube-OVN.
-- **Dynamic QoS**: Configure Pod Ingress/Egress traffic rate limits on the fly.
+- **Dynamic QoS**: Configure Pod/Gateway Ingress/Egress traffic rate limits on the fly.
 - **Embedded Load Balancers**: Replace kube-proxy with the OVN embedded high performance distributed L2 Load Balancer.
 - **Distributed Gateways**: Every Node can act as a Gateway to provide external network connectivity.
 - **Namespaced Gateways**: Every Namespace can have a dedicated Gateway for Egress traffic.
 - **Direct External Connectivity**：Pod IP can be exposed to external network directly.
 - **BGP Support**: Pod IP can be exposed to external by BGP router protocol.
 - **Traffic Mirror**: Duplicated container network traffic for monitoring, diagnosing and replay.
+- **Hardware Offload**: Boost network performance and save CPU resource by offloading OVS flow table to hardware.
 - **Vlan Support**: Kube-OVN also support underlay Vlan mode network for better performance and throughput.
 - **DPDK Support**: DPDK application now can run in Pod with OVS-DPDK.
 - **IPv6 Support**: Kube-OVN supports ipv6-only mode pod network.
@@ -37,7 +38,6 @@ The Kube-OVN community is waiting for you participation!
 - **Prometheus & Grafana Integration**: Exposing network quality metrics like pod/node/service/dns connectivity/latency in Prometheus format.
 
 ## Planned Future Work
-- Hardware Offloading and DPDK Support
 - Multi-Cluster Network
 - Policy-based QoS
 - More Metrics and Traffic Graph
@@ -65,9 +65,11 @@ If you want to install Kubernetes from scratch, you can try [kubespray](https://
 - [Subnet Isolation](docs/subnet.md#isolation)
 - [Static IP](docs/static-ip.md)
 - [Dynamic QoS](docs/qos.md)
-- [Gateway and Direct connect](docs/subnet.md#gateway)
+- [Subnet Gateway and Direct connect](docs/subnet.md#gateway)
+- [Pod Gateway](docs/pod-gw.md)
 - [BGP support](docs/bgp.md)
 - [Multi NIC Support](docs/multi-nic.md)
+- [Hardware Offload](docs/hw-offload.md)
 - [Vlan Support](docs/vlan.md)
 - [DPDK Support](docs/dpdk.md)
 - [Traffic Mirror](docs/mirror.md)
@@ -116,4 +118,6 @@ The main difference from the design point is the encapsulation method. Calico us
 
 Use encapsulation can lower the requirement on networking, and isolate containers and underlay network from logical. We can use the overlay technology to build a much complex network concept, like router, gateway, and vpc. For performance, ovs can make use of hardware offload and DPDK to enhance throughput and latency.
 
+Kube-OVN can also work in non-encapsulation mode, that take use of underlay switches to switch the packets or use hardware offload to achieve better performance than kernel datapath.
+
 From the function set, Kube-OVN can offer some more abilities like static ip, QoS and traffic mirror. The subnet in Kube-OVN and ippool in Calico share some same function set.

docs/dpdk.md

@@ -62,7 +62,7 @@ dpdk-hugepage-dir=/dev/hugepages
 ## To Install
 
 1. Download the installation script:
-`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/dist/images/install.sh`
+`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/dist/images/install.sh`
 
 2. Use vim to edit the script variables to meet your requirement
 ```bash

docs/high-available.md

@@ -8,7 +8,7 @@ Change the replicas to 3, and add NODE_IPS environment var points to node that h
       replicas: 3
       containers:
         - name: ovn-central
-          image: "kubeovn/kube-ovn:v1.2.0"
+          image: "kubeovn/kube-ovn:v1.3.0"
           imagePullPolicy: Always
           env:
             - name: POD_IP

docs/hw-offload.md

@@ -7,6 +7,7 @@ By taking use of SR-IOV technology we can achieve low network latency and high t
 ## Prerequisites
 - Mellanox ConnectX-5 Card with OVS-Kernel ASAP² Packages
 - Linux Kernel 5.7 or above
+- MLNX-OFED 5.1
 - SR-IOV Device Plugin
 - Multus-CNI
 
@@ -80,6 +81,14 @@ echo 0000:42:00.3 > /sys/bus/pci/drivers/mlx5_core/bind
 echo 0000:42:00.4 > /sys/bus/pci/drivers/mlx5_core/bind
 echo 0000:42:00.5 > /sys/bus/pci/drivers/mlx5_core/bind
 ```
+
+10. Disable NetworkManager if it's running
+
+```bash
+systemctl stop NetworkManager
+systemctl disable NetworkManager
+```
+
 ### Install SR-IOV Device Plugin
 1. Create a ConfigMap that defines SR-IOV resource pool configuration
 ```yaml
@@ -179,3 +188,11 @@ spec:
       limits:
         mellanox.com/cx5_sriov_switchdev: '1'
 ```
+### Verify If Offload Works
+```bash
+ovs-appctl dpctl/dump-flows -m type=offloaded
+ufid:91cc45de-e7e9-4935-8f82-1890430b0f66, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(5b45c61b307e_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:c5:6d:4e,dst=00:00:00:e7:16:ce),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:941539, bytes:62142230, used:0.260s, offloaded:yes, dp:tc, actions:54235e5753b8_h
+ufid:e00768d7-e652-4d79-8182-3291d852b791, skb_priority(0/0),skb_mark(0/0),ct_state(0/0x23),ct_zone(0/0),ct_mark(0/0),ct_label(0/0x1),recirc_id(0),dp_hash(0/0),in_port(54235e5753b8_h),packet_type(ns=0/0,id=0/0),eth(src=00:00:00:e7:16:ce,dst=00:00:00:c5:6d:4e),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=0.0.0.0/0.0.0.0,proto=0/0,tos=0/0,ttl=0/0,frag=no), packets:82386659, bytes:115944854173, used:0.260s, offloaded:yes, dp:tc, actions:5b45c61b307e_h
+```
+
+You can find `offloaded:yes, dp:tc` if all works well.

docs/install.md

@@ -22,7 +22,7 @@ Kube-OVN provides a one script install to easily install a high-available, produ
 
 1. Download the installer scripts
 
-`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/dist/images/install.sh`
+`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/dist/images/install.sh`
 
 2. Use vim to edit the script variables to meet your requirement
 ```bash
@@ -33,7 +33,7 @@ Kube-OVN provides a one script install to easily install a high-available, produ
  JOIN_CIDR="100.64.0.0/16"              # Do NOT overlap with NODE/POD/SVC CIDR
  LABEL="node-role.kubernetes.io/master" # The node label to deploy OVN DB
  IFACE=""                               # The nic to support container network, if empty will use the nic that the default route use
- VERSION="v1.2.1"
+ VERSION="v1.3.0"
 ```
 
 3. Execute the script
@@ -51,19 +51,19 @@ For Kubernetes version before 1.17 please use the following command to add the n
     `kubectl label node <Node on which to deploy OVN DB> kube-ovn/role=master`
 2. Install Kube-OVN related CRDs
 
-    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/yamls/crd.yaml`
+    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/yamls/crd.yaml`
 3. Install native OVS and OVN components:
 
-    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/yamls/ovn.yaml`
+    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/yamls/ovn.yaml`
 4. Install the Kube-OVN Controller and CNI plugins:
 
-    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/yamls/kube-ovn.yaml`
+    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/yamls/kube-ovn.yaml`
 
 That's all! You can now create some pods and test connectivity.
 
 For high-available ovn db, see [high available](high-available.md)
 
-If you want to enable IPv6 on default subnet and node subnet, please apply https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/yamls/kube-ovn-ipv6.yaml on Step 3.
+If you want to enable IPv6 on default subnet and node subnet, please apply https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/yamls/kube-ovn-ipv6.yaml on Step 3.
 
 ## More Configuration
 
@@ -113,7 +113,7 @@ You can use `--default-cidr` flags below to config default Pod CIDR or create a
 1. Remove Kubernetes resources:
 
     ```bash
-    wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/dist/images/cleanup.sh
+    wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/dist/images/cleanup.sh
     bash cleanup.sh
     ```
 

docs/ipv6.md

@@ -2,4 +2,4 @@
 
 Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and  service discovery if you use a protocol other than the kubernetes control plan. We recommend you use only one same ip protocol that same with kubernetes control plan.
 
-To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start.
+To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start.

docs/pod-gw.md

@@ -0,0 +1,24 @@
+# Pod Gateway
+
+Kube-OVN support assign a specific pod as another pod's gateway. 
+All traffic from pod to external cluster will be redirected to the gateway pod.
+Thus, user can customize traffic policies in this pod like accounting, eip, qos etc.
+
+## Usage
+Use the following annotation in pod spec:
+- `ovn.kubernetes.io/north_gateway`: The IP address of gateway pod
+
+Example:
+
+```bash
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-gw
+  annotations:
+    ovn.kubernetes.io/north_gateway: 10.16.0.100
+spec:
+  containers:
+  - name: pod-gw
+    image: nginx:alpine
+```

docs/vlan.md

@@ -16,7 +16,7 @@ We are working at combine two networks in one cluster.
 
 1. Get the installation script
 
-`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.2/dist/images/install.sh`
+`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.3/dist/images/install.sh`
 
 2. Edit the `install.sh`, modify `NETWORK_TYPE` to `vlan`, `VLAN_INTERFACE_NAME` to related host interface.